Microsoft Identifies 3 Trojans Affected Brazilian Online Bankers

According to Microsoft, which released its Security Intelligence Report (Edition VI) in April 2009 for 2H-2008, a crucial problem from phishing relates to malware that targets people using 'financial services' and 'online banking,' especially in Brazil.

Microsoft states that three groups of malicious code exist that fundamentally target the Brazilian bank customers, with almost 80% of the PCs infected by these groups during 2H-2008 were located in Brazil. Moreover, the attacks for infecting the computers were relied on the Portuguese language text along with social engineering.

The report also reveals that the first group of malicious software is Trojan 'Win32/Banker'. This malware, according to security experts, is designed to follow users' online activities, while it potentially grabs personal data like passwords, banking credentials and account numbers when users go to any banking or payment sites. Subsequently, the Trojan transmits all of the stolen data to the hacker's server.

The second group is Trojan Win32/Bancos. Security researchers states that this malicious software is a keystroke logging program that seizes bank account details once it plants itself on the infected computer's registry. The Trojan shows a counterfeit login box where once the user feeds in personal information, the virus transmits all of it to the attacker.

Another group comprising the third malicious software is Win32/Banload, which downloads variants of both Win32/Banker and Win32/Bancos online and then run them on the infected PC.

Moreover, security researchers elucidate that the e-mails based on social engineering used by these three groups often exploit users' apprehension in order to sound urgent.

Giving an example of message used by malware distributors in an unsolicited e-mail, security experts disclose that the e-mail gives information about a new solution available to remedy a significant flaw in the identification system of the client that could result in access problems and data loss. The e-mail further says that the fix is easy, quick and simple, while it also provides an associated link.

However, according to the security experts, unwitting users who click on the given link could allow their PCs to be infected with malicious code, or money withdrawn illegally out of their accounts.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 5/12/2009